[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: What can't sudo do?

On Mon, Mar 15, 2004 at 02:52:49PM -0800, Bill Moseley wrote:
> If I use sudo (to
> try and provide most admin functions) then I would worry because my
> normal account then has more privileges that I'd want.  Then someone only
> need to gain access to my account instead of root.

I assume you're not using the NOPASSWD tag; I dislike it for the same
reasons you seem to. When not using NOPASSWD, you're prompted for a
password only if 15 minutes has passed since you last used sudo. (The
delay is configurable; see sudoers(5) for timestamp_timeout.) When
you're done, just run 'sudo -k' to invalidate the timestamp as if 15
minutes had elapsed. After this, no one can use your sudo privileges
without re-entering the password.

Gregory K. Johnson
favorites: Vim, Mutt, LaTeX, Zsh, screen or Fluxbox, Python or C,
           Linux, Debian, the GPL, man pages, RPN, HP 48/49, PSION 5mx

Reply to: